mumukit-login 5.3.2 → 6.0.0

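--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 1e36fd2e076cfae5452b64673fb12a977f0b55e7d39d393268d36a3ab92a44c7
- data.tar.gz: be2b007c7cad4d8a6ccef8eb04a591d6d2668fa03ad03ee9c9811d738d947991
+ metadata.gz: 8bb86f9086ebb051c3220e522f000cdf86f51ac5afb4385430f0a23a3a631ef4
+ data.tar.gz: f360003953411c4a1fe8174bbcb428427a70bdc49f653a22c039de0633a0ea24
  SHA512:
- metadata.gz: 4a2b6c4add2e22f9584d16580da9580eb37d7dc6eb48dec741a3bb67ca6d8dfa2208954f4bad68c67dfefec82f87329403dcebe337913664e6aee392d1f9580b
- data.tar.gz: 153b01a9d3b5411bd57a5bbdab4cde35a84f395c1b72ead874208011da52673f309c6a4edede805bc102c9d76f62d1ca84ca94858f0356b1cd275768ea76e61a
+ metadata.gz: b33e7bf8cc1ed64854aeaed0de4d99a390378c272f0e39a893d95972ece9f9c0fa6d21ba34d7176f0610aa96425c2966f5b43db57d1de0f2c902d2506c6a57c7
+ data.tar.gz: 4d685044b1abcd5ec40c63792a942f3844a28a375ce37116c25cffedad278915971304e4a1d353bfa269b6d0593bb154773aea52ac3348516311c17838f3b994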
data/lib/mumukit/login.rb CHANGED
@@ -4,6 +4,7 @@ require 'addressable/uri'
4
4
  require 'omniauth'
5
5
  require 'omniauth-auth0'
6
6
  require 'omniauth-saml'
7
+ require 'omniauth-google-oauth2'
7
8
 
8
9
  require 'mumukit/core'
9
10
  require 'mumukit/auth'
@@ -29,6 +30,7 @@ module Mumukit::Login
29
30
  config.mucookie_duration = ENV['MUMUKI_MUCOOKIE_DURATION'].defaulting(14, &:to_i)
30
31
 
31
32
  config.provider = Mumukit::Login::Provider.from_env
33
+
32
34
  config.saml = struct base_url: ENV['MUMUKI_SAML_BASE_URL'],
33
35
  idp_sso_target_url: ENV['MUMUKI_SAML_IDP_SSO_TARGET_URL'],
34
36
  idp_slo_target_url: ENV['MUMUKI_SAML_IDP_SLO_TARGET_URL'],
@@ -38,6 +40,8 @@ module Mumukit::Login
38
40
  config.auth0 = struct client_id: ENV['MUMUKI_AUTH0_CLIENT_ID'],
39
41
  client_secret: ENV['MUMUKI_AUTH0_CLIENT_SECRET'],
40
42
  domain: ENV['MUMUKI_AUTH0_DOMAIN']
43
+ config.google = struct client_id: ENV['MUMUKI_GOOGLE_CLIENT_ID'],
44
+ client_secret: ENV['MUMUKI_GOOGLE_CLIENT_SECRET']
41
45
  end
42
46
  end
43
47
 
@@ -71,7 +75,7 @@ module Mumukit::Login
71
75
  # @param [OmniAuth::Builder] omniauth
72
76
  #
73
77
  def self.configure_omniauth!(omniauth)
74
- provider.configure_omniauth! omniauth
78
+ Mumukit::Login::Provider.setup_providers! omniauth
75
79
  end
76
80
 
77
81
  def self.configure_login_routes!(native)
@@ -93,7 +97,7 @@ module Mumukit::Login
93
97
  end
94
98
 
95
99
  def self.provider
96
- Mumukit::Login.config.provider
100
+ Mumukit::Platform::Organization.current.login_provider_object || config.provider
97
101
  end
98
102
  end
99
103
 
@@ -64,7 +64,6 @@ module Mumukit::Platform::WebFramework::Rails
64
64
  # @param [ActionController::Base::Class] controller_class
65
65
  #
66
66
  def self.configure_controller!(controller_class)
67
- Mumukit::Login.config.provider.configure_rails_forgery_protection!(controller_class)
68
67
  controller_class.class_eval do
69
68
  include Mumukit::Login::AuthenticationHelpers
70
69
  include Mumukit::Login::AuthorizationHelpers
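Review bot: With the `configure_rails_forgery_protection!` call dropped from `configure_controller!`, nothing in this gem turns CSRF protection on any more, including for the providers that previously inherited `protect_from_forgery with: :exception` from `Provider::Base`. A host application that relied on that side effect loses the check silently on upgrade unless it declares the protection itself or runs with Rails' own default enabled. Either keep `controller_class.protect_from_forgery with: :exception` as the first statement of the method and exempt only the SAML assertion callback, or say in the doc comment above the method that enabling forgery protection is now the host application's job. The same removal appears in the `Provider::Base`, `Provider::Developer` and `Provider::Saml` hunks, and the `class_eval` block continues outside this hunk.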
@@ -37,6 +37,6 @@ module Mumukit::Login::AuthenticationHelpers
37
37
  end
38
38
 
39
39
  def login_provider
40
- Mumukit::Login.config.provider
40
+ Mumukit::Login.provider
41
41
  end
42
42
  end
@@ -1,8 +1,23 @@
1
1
  module Mumukit::Login::Provider
2
+ PROVIDERS = %w(
3
+ developer
4
+ saml
5
+ auth0
6
+ google
7
+ )
8
+
2
9
  def self.from_env
3
10
  parse_login_provider(login_provider_string)
4
11
  end
5
12
 
13
+ def self.enabled_providers
14
+ if ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].blank?
15
+ PROVIDERS
16
+ else
17
+ ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS'].split ', '
18
+ end
19
+ end
20
+
6
21
  def self.login_provider_string
7
22
  if ENV['MUMUKI_LOGIN_PROVIDER'].blank? || ENV['RACK_ENV'] == 'test' || ENV['RAILS_ENV'] == 'test'
8
23
  'developer'
@@ -19,13 +34,26 @@ module Mumukit::Login::Provider
19
34
  Mumukit::Login::Provider::Saml.new
20
35
  when 'auth0'
21
36
  Mumukit::Login::Provider::Auth0.new
37
+ when 'google'
38
+ Mumukit::Login::Provider::Google.new
22
39
  else
23
40
  raise "Unknown login_provider `#{login_provider}`"
24
41
  end
25
42
  end
43
+
44
+ def self.setup_providers!(omniauth)
45
+ enabled_providers.each { |it| parse_login_provider(it).configure_omniauth!(omniauth) }
46
+ end
47
+ end
48
+
49
+ module Mumukit::Platform::Organization::Helpers
50
+ def login_provider_object
51
+ @login_provider_object ||= login_provider.try { |it| Mumukit::Login::Provider.parse_login_provider it } # add provider settings in the future
52
+ end
26
53
  end
27
54
 
28
55
  require_relative './provider/base'
29
- require_relative './provider/saml'
30
- require_relative './provider/auth0'
31
- require_relative './provider/developer'
56
+
57
+ Mumukit::Login::Provider.enabled_providers.each do |it|
58
+ require_relative "./provider/#{it}"
59
+ end
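Review bot: `enabled_providers` falls back to all of `PROVIDERS` when `MUMUKI_ENABLED_LOGIN_PROVIDERS` is blank, so `setup_providers!` registers OmniAuth's `:developer` strategy, which performs no authentication, alongside the real ones even where `MUMUKI_LOGIN_PROVIDER` selects Auth0, SAML or Google. The variable is also used unvalidated: it is split on the exact string `', '`, so `saml,google` yields one unknown name, and every entry is interpolated into the `require_relative` path in the loop at the end of the file before anything compares it with `PROVIDERS`. Because only enabled providers are required, `login_provider_object` and `from_env` can reach a `when` branch in `parse_login_provider` whose class was never loaded. I would load every file named in the constant, default the enabled set to the non-developer providers plus the one `login_provider_string` selects, and reject unknown names, as sketched below; `login_provider_string` and `parse_login_provider` are only partly visible in these hunks.

```ruby
def self.enabled_providers
  raw = ENV['MUMUKI_ENABLED_LOGIN_PROVIDERS']
  return default_providers if raw.blank?

  names = raw.split(',').map(&:strip).reject(&:empty?)
  unknown = names - PROVIDERS
  raise "Unknown login providers `#{unknown.join(', ')}`" unless unknown.empty?
  names
end

# 'developer' accepts any identity, so it is enabled by default only when it is the selected provider
def self.default_providers
  (PROVIDERS - %w(developer) + [login_provider_string]).uniq
end

# … unchanged: login_provider_string, parse_login_provider, setup_providers! …

# load from the constant, not from the environment-derived list
PROVIDERS.each do |it|
  require_relative "./provider/#{it}"
end
```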
@@ -15,8 +15,7 @@ class Mumukit::Login::Provider::Auth0 < Mumukit::Login::Provider::Base
15
15
 
16
16
  def header_html(*)
17
17
  <<HTML
18
- <script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
19
- </script>
18
+ <script src="https://cdn.auth0.com/js/lock/11.5.2/lock.min.js"></script>
20
19
  HTML
21
20
  end
22
21
 
@@ -9,12 +9,15 @@ class Mumukit::Login::Provider::Base
9
9
  controller.redirect! auth_path
10
10
  end
11
11
 
12
- def configure_rails_forgery_protection!(action_controller)
13
- action_controller.protect_from_forgery with: :exception
12
+ def login_path(controller)
13
+ create_uri '/login', login_path_params(controller)
14
14
  end
15
15
 
16
- def login_path(controller)
17
- create_uri '/login', origin: create_uri(controller.request.path, controller.request.params)
16
+ def login_path_params(controller)
17
+ {
18
+ origin: create_uri(controller.request.path, controller.request.params),
19
+ organization: Mumukit::Platform::Organization.current.name
20
+ }
18
21
  end
19
22
 
20
23
  def auth_path
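Review bot: `login_path_params` has no comment, and both values it returns travel through the browser as query parameters: `origin` is rebuilt from the incoming request's path and params, and `organization` is the current organization's name. Whatever reads them back after login should treat them as client-supplied, resolving the organization again on the server and redirecting only to same-site origins; that consumer is not visible in this diff. A comment on the method would record the expectation, e.g. `# Both values round-trip through the user agent; validate them again on return.` `auth_path` begins on the last line of this hunk and its body is outside it.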
@@ -2,7 +2,4 @@ class Mumukit::Login::Provider::Developer < Mumukit::Login::Provider::Base
2
2
  def configure_omniauth!(omniauth)
3
3
  omniauth.provider :developer
4
4
  end
5
-
6
- def configure_rails_forgery_protection!(*)
7
- end
8
5
  end
@@ -0,0 +1,17 @@
1
+ class Mumukit::Login::Provider::Google < Mumukit::Login::Provider::Base
2
+ def configure_omniauth!(omniauth)
3
+ omniauth.provider :google_oauth2,
4
+ google_config.client_id,
5
+ google_config.client_secret
6
+ end
7
+
8
+ def name
9
+ 'google_oauth2'
10
+ end
11
+
12
+ private
13
+
14
+ def google_config
15
+ Mumukit::Login.config.google
16
+ end
17
+ end
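Review bot: `configure_omniauth!` hands `google_config.client_id` and `google_config.client_secret` to the strategy without checking them, and both come from plain `ENV[...]` lookups in `login.rb`, so they are `nil` when the variables are unset. Since `google` is part of the default `PROVIDERS` list, a deployment that never configured Google still gets a `google_oauth2` strategy registered with empty credentials, which fails only once a user is sent to it. A guard such as `return if google_config.client_id.blank? || google_config.client_secret.blank?` at the top of the method, or a raise naming the missing variable, would make that explicit. The class also carries no comment on which Google accounts are accepted; if sign-in is meant to be limited to particular domains, that restriction needs to be stated and enforced here or in the callback.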
@@ -14,9 +14,6 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
14
14
  idp_sso_target_url: saml_config.idp_sso_target_url,
15
15
  idp_slo_target_url: saml_config.idp_slo_target_url,
16
16
  slo_default_relay_state: saml_config.base_url,
17
- idp_cert: File.read('./saml_idp.crt'),
18
- certificate: File.read('./saml.crt'),
19
- private_key: File.read('./saml.key'),
20
17
  attribute_service_name: 'Mumuki',
21
18
  request_attributes: [
22
19
  {name: 'email', name_format: 'urn:oasis:names:tc:SAML:2.0:attrname-format:basic', friendly_name: 'Email address'},
@@ -27,14 +24,15 @@ class Mumukit::Login::Provider::Saml < Mumukit::Login::Provider::Base
27
24
  name: [saml_config.translation_name],
28
25
  email: [saml_config.translation_email],
29
26
  image: [saml_config.translation_image]
27
+ },
28
+ setup: lambda { |env|
29
+ options = env['omniauth.strategy'].options
30
+ options[:idp_cert] = File.read('./saml_idp.crt') # This is just a quickfix to avoid breaking if there are no saml configuration files.
31
+ options[:certificate] = File.read('./saml.crt') # It could also serve to parametrize these files by organization
32
+ options[:private_key] = File.read('./saml.key') # and have multiple organizations with different saml providers though.
30
33
  }
31
34
  end
32
35
 
33
- def configure_rails_forgery_protection!(_controller_class)
34
- # FIXME this is big security issue
35
- # Do nothing (do not protect): the IdP calls the assertion_url via POST and without the CSRF token
36
- end
37
-
38
36
  def logout_redirection_path
39
37
  "#{auth_path}/spslo"
40
38
  end
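Review bot: The `setup:` lambda reads `./saml_idp.crt`, `./saml.crt` and `./saml.key` relative to the process working directory each time it runs, so which key material is used depends on where the server was started, and a missing file surfaces as an exception inside the middleware at request time rather than at boot. Resolving the three paths once against a configured absolute directory and caching the contents would keep the quickfix's goal of not crashing when SAML is unused, e.g. `@saml_private_key ||= File.read(File.expand_path('saml.key', <configured SAML dir>))`, assuming the lambda closes over the provider instance. This hunk also deletes the override that carried `FIXME this is big security issue`; the problem it described, the IdP posting the assertion without a CSRF token, still needs a documented answer now that forgery protection is left to the host application. The start of `configure_omniauth!` is outside the hunk.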
@@ -7,7 +7,7 @@ class Mumukit::Login::Settings
7
7
  user_pass: 'Username-Password-Authentication'
8
8
  }
9
9
 
10
- attr_accessor :login_methods
10
+ attr_reader :login_methods
11
11
 
12
12
  def initialize(login_methods = Mumukit::Login::Settings.default_methods)
13
13
  @login_methods = login_methods.map(&:to_sym)
@@ -1,5 +1,5 @@
1
1
  module Mumukit
2
2
  module Login
3
- VERSION = '5.3.2'
3
+ VERSION = '6.0.0'
4
4
  end
5
5
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: mumukit-login
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.3.2
4
+ version: 6.0.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Franco Leonardo Bulgarelli
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-08-01 00:00:00.000000000 Z
11
+ date: 2018-09-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler
@@ -150,6 +150,20 @@ dependencies:
150
150
  - - "~>"
151
151
  - !ruby/object:Gem::Version
152
152
  version: '1.6'
153
+ - !ruby/object:Gem::Dependency
154
+ name: omniauth-google-oauth2
155
+ requirement: !ruby/object:Gem::Requirement
156
+ requirements:
157
+ - - "~>"
158
+ - !ruby/object:Gem::Version
159
+ version: '0.5'
160
+ type: :runtime
161
+ prerelease: false
162
+ version_requirements: !ruby/object:Gem::Requirement
163
+ requirements:
164
+ - - "~>"
165
+ - !ruby/object:Gem::Version
166
+ version: '0.5'
153
167
  - !ruby/object:Gem::Dependency
154
168
  name: mumukit-core
155
169
  requirement: !ruby/object:Gem::Requirement
@@ -184,14 +198,14 @@ dependencies:
184
198
  requirements:
185
199
  - - "~>"
186
200
  - !ruby/object:Gem::Version
187
- version: '2.0'
201
+ version: '2.5'
188
202
  type: :runtime
189
203
  prerelease: false
190
204
  version_requirements: !ruby/object:Gem::Requirement
191
205
  requirements:
192
206
  - - "~>"
193
207
  - !ruby/object:Gem::Version
194
- version: '2.0'
208
+ version: '2.5'
195
209
  description:
196
210
  email:
197
211
  - franco@mumuki.org
@@ -219,6 +233,7 @@ files:
219
233
  - lib/mumukit/login/provider/auth0.rb
220
234
  - lib/mumukit/login/provider/base.rb
221
235
  - lib/mumukit/login/provider/developer.rb
236
+ - lib/mumukit/login/provider/google.rb
222
237
  - lib/mumukit/login/provider/saml.rb
223
238
  - lib/mumukit/login/settings.rb
224
239
  - lib/mumukit/login/shared_session.rb